When EndPointSecurity Volume Encryption is used, any User who is allowed/granted access to the Device Category in which the encrypted device is discovered from the Target Scan option, will be able to decrypt or remove the encryption by entering the password.